# Webserver config

- name: Install the webserver packages
  dnf: name={{ item }} state=present
  with_items:
    - python3-gunicorn
    - nginx
    - libsemanage-python


- name: install python3-certbot-nginx
  dnf: name=python3-certbot-nginx state=present
  when: hubs_ssl_cert != None

- name: get the letsencrypt cert
  command: certbot certonly -n --standalone --pre-hook "systemctl stop nginx" --post-hook "systemctl start nginx" -d {{ hubs_url_hostname }} --agree-tos --email admin@fedoraproject.org
  args:
    creates: "{{ hubs_ssl_key }}"
  when: hubs_ssl_cert != None
  notify:
    - restart nginx


- name: Nginx configuration for hubs
  template:
    src: nginx.conf
    dest: /etc/nginx/conf.d/fedora-hubs.conf
  notify:
    - restart nginx


- name: Nginx SSL configuration
  template:
    src: "{{ item }}"
    dest: /etc/nginx/ssl_params
  with_first_found:
    - nginx_ssl_params.{{ ansible_hostname }}
    - nginx_ssl_params
  when: hubs_ssl_cert != None
  notify:
    - restart nginx


- name: Nginx proxy configuration
  copy:
    src: "{{ item }}"
    dest: /etc/nginx/proxy_params
  with_first_found:
    - nginx_proxy_params.{{ ansible_hostname }}
    - nginx_proxy_params
  notify:
    - restart nginx


- name: Allow network connection for Nginx
  seboolean:
    name: httpd_can_network_connect
    state: yes
    persistent: yes


- name: Create the log directory
  file:
    path: "{{ hubs_log_dir }}"
    owner: "{{ main_user }}"
    state: directory


- name: Install the Gunicorn config file
  template:
    src: gunicorn.py
    dest: "{{ hubs_conf_dir }}/gunicorn.py"
  notify: "hubs configuration change"


- name: Start and enable the services
  service: name={{ item }} state=started enabled=yes
  with_items:
    - fedora-hubs-webapp
    - nginx
